Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-18570

Entire view fails if user does not have read permissions to every job within a view (project-based security)

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Component/s: sectioned-view-plugin
    • Labels:
      None
    • Environment:
      Sectioned-View 1.18
      Jenkins 1.520
    • Similar Issues:

      Description

      If the user does not have Read access to every single job in a given sectioned view the entire view fails (crashes).

      This is specifically a problem when using project-based security where not all users will have read permissions to all jobs in a view. Every other view type simply omits the specific job from the view for that user.

      In Firefox they're presented with a browser error, "Content Encoding Error - The page you are trying to view cannot be shown because it uses an invalid or unsupported form of compression."

      IE responds, "This Page Can't Be Displayed"

      Chrome responds, "This webpage is not available
      The webpage at https://build-master/jenkins/view/LNEC/ might be temporarily down or it may have moved permanently to a new web address.
      Error 330 (net::ERR_CONTENT_DECODING_FAILED): Unknown error."

      To reproduce:

      Create a job with project-based security enabled. Call it "Foo" and Disable Read for Anonymous.

      Create another job with project-based security enabled, but this time enable Read and Discover for Anonymous. Call this job "Bar".

      Create a new sectioned-view, call it "Test View"

      Add jobs Foo and Bar to Test View.

      Login to Jenkins with an account that is neither an Admin nor has global Read permissions (but does have global View permissions).

      Attempt to navigate to Test View.

      Result: Content-coding browser exception.

      Expected result: Test View displayed with only Bar listed (since we lack the ability to read Foo).

      Exception log/stack trace attached.

        Attachments

          Activity

          There are no comments yet on this issue.

            People

            • Assignee:
              tbingaman Timothy Bingaman
              Reporter:
              byronbrummer Byron Brummer
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: